THAT WHICH IS CLAIMED IS: 

1. A method for a middle-tier server to impersonate a client to a
plurality of servers, the method comprising:

obtaining a common nonce associated with each of the plurality of servers;

providing the common nonce to the client;

receiving the common nonce signed by the client at the middle-tier server; and

providing the signed common nonce as a signature for transactions from the
client to the plurality of servers so as to authenticate the client to the plurality of
servers.

2. The method of Claim 1, wherein the step of obtaining a common 
nonce comprises the step of generating a common nonce based on information 
obtained from each of the plurality of servers. 

3. The method of Claim 2, wherein the step of generating a common 
nonce comprises the steps of: 

obtaining pre-nonce contributions from the plurality of servers;

combining the pre-nonce contributions to provide a single pre-nonce token; and

providing the common nonce based on the pre-nonce token.

4. The method of Claim 3, wherein the step of providing the common 
nonce comprises reducing the pre-nonce token to provide the common nonce. 

5. The method of Claim 3, wherein the step of combining the pre-nonce
contributions to provide a single pre-nonce token comprises concatenating
the pre-nonce contributions.

6. The method of Claim 4, wherein the step of reducing the pre-nonce
token to provide the common nonce comprises the step of hashing the pre-nonce
token utilizing a one-way hash function so as to provide the common nonce.

7. The method of Claim 3, wherein the step of obtaining pre-nonce
contributions comprises the steps of:

requesting a pre-nonce contribution from each of the plurality of servers; and

receiving the pre-nonce contributions from the plurality of servers.

8. The method of Claim 7, wherein requesting a pre-nonce 
contribution comprises sending authenticated requests to the plurality of servers. 

9. The method of Claim 8, further comprising the step of encrypting
the authenticated requests sent to the plurality of servers.

10. The method of Claim 8, wherein the authenticated requests include
at least one of an identification of a source of the request, a time stamp and a
random number.

11. The method of Claim 3, wherein the pre-nonce contributions
include at least one of an identification of a server of the plurality of servers and a 
random number. 

12. The method of Claim 3, wherein the pre-nonce contributions are
signed with a signature corresponding to a server from which the pre-nonce
contribution was obtained, the method further comprising incorporating the
signatures in the pre-nonce token.

13. The method of Claim 3, wherein the pre-nonce contributions are
signed with a signature corresponding to a server from which the pre-nonce
contribution was obtained, the method further comprising authenticating the
signatures of the pre-nonce contributions and rejecting pre-nonce contributions for
which the digital signature is not authentic.

14. The method of Claim 3, further comprising the steps of:

receiving a transaction identification from a trusted server of the plurality of
servers; and

associating the transaction identification with the common nonce.

15. The method of Claim 14, further comprising the step of tracking use
of the common nonce based on the transaction identification.

16. The method of Claim 3, further comprising the steps of:

associating an expiration time with a pre-nonce contribution; and

determining if the pre-nonce contribution has expired based on its
associated expiration time.

17. The method of Claim 16, further comprising the steps of:

receiving the common nonce at a server of the plurality of servers;

determining a pre-nonce contribution associated with the received common
nonce; and

accepting the received common nonce if the associated pre-nonce
contribution has not expired.

18. The method of Claim 3, wherein at least one of the plurality of
servers carries out the steps of:

receiving a client certificate;

determining if the client certificate is trusted; and

indicating that the client is not authenticated if the client certificate is not
trusted.

19. The method of Claim 3, wherein at least one of the plurality of
servers carries out the steps of:

receiving the signed common nonce and a client certificate;

determining if the signature of the signed common nonce corresponds to a
signature of the client certificate; and

indicating that the client is not authenticated if the signature of the signed
common nonce does not correspond to the signature of the client certificate.

20. The method of Claim 6, wherein at least one of the plurality of
servers carries out the steps of:

receiving the signed common nonce, the common nonce and the pre-nonce
token;

hashing the received pre-nonce token;

comparing the hashed pre-nonce token to the common nonce;

indicating that the client is not authenticated if the hashed pre-nonce token
is different from the common nonce.



21. The method of Claim 11, wherein at least one of the plurality of
servers carries out the steps of:

receiving the pre-nonce token;

determining if the pre-nonce token includes a random number associated
with the at least one of the plurality of servers; and

indicating that the client is not authenticated if the pre-nonce token does not
include the random number associated with the at least one of the plurality of



22. The method of Claim 21, wherein at least one of the plurality of
servers carries out the steps of:

associating an expiration with the random number associated with the at
least one of the plurality of servers; and

indicating that the client is not authenticated if the pre-nonce token does not
include a random number associated with the at least one of the plurality of servers
which has not expired.

23. The method of Claim 1, wherein the step of obtaining a common
nonce comprises the steps of:

obtaining the common nonce from a party trusted by the middle-tier server
and the plurality of servers, the common nonce being signed by the trusted party;
and

verifying the signature of the common nonce is the signature of the trusted
party.

24. The method of Claim 23, wherein at least one of the plurality of
servers carries out the steps of:

receiving a client certificate;

determining if the client certificate is trusted; and

indicating that the client is not authenticated if the client certificate is not
trusted.

25. The method of Claim 23, wherein at least one of the plurality of
servers carries out the steps of:

receiving the signed common nonce and a client certificate;

determining if the signature of the signed common nonce corresponds to a
signature of the client certificate; and

indicating that the client is not authenticated if the signature of the signed
common nonce does not correspond to the signature of the client certificate.

26. A system for a middle-tier server to impersonate a client to a
plurality of servers, comprising:

means for obtaining a common nonce associated with each of the plurality
of servers;

means for providing the common nonce to the client;

means for receiving the common nonce signed by the client at the middle-tier
server; and

means for providing the signed common nonce as a signature for
transactions from the client to the plurality of servers so as to authenticate the
client to the plurality of servers.

27. A computer program product for a middle-tier server to impersonate
a client to a plurality of servers, comprising:

a computer readable media having computer readable program code
embodied therein, the computer readable program code comprising:

computer readable program code that obtains a common nonce associated
with each of the plurality of servers;

computer readable program code that provides the common nonce to the
client;

computer readable program code that receives the common nonce signed by
the client at the middle-tier server; and

computer readable program code that provides the signed common nonce as
a signature for transactions from the client to the plurality of servers so as to
authenticate the client to the plurality of servers.



28. A method of authenticating a client, comprising:

receiving at a server of a plurality of servers, a common nonce which is
associated with each of the plurality of servers, the common nonce being signed by
the client; and

authenticating the client based on the received signed common nonce.



29. The method of Claim 28, wherein the common nonce is provided by 
a trusted third party. 

30. The method of Claim 28, wherein the common nonce is generated
based on information provided by each of the plurality of servers.

31. A system for authenticating a client, comprising:

means for receiving at a server of a plurality of servers, a common nonce
which is associated with each of the plurality of servers, the common nonce being
signed by the client; and

means for authenticating the client based on the received signed common
nonce.

32. A computer program product for authenticating a client, 
comprising: 

a computer readable media having computer readable program code
embodied therein, the computer readable program code comprising:

computer readable program code which receives at a server of a plurality of
servers, a common nonce which is associated with each of the plurality of servers,
the common nonce being signed by the client; and

computer readable program code which authenticates the client based on 
the received signed common nonce. 
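
The following sketch is an added illustration, not part of the claims or of any implementation by the applicant. It shows the pre-nonce flow of Claims 3 to 6 and the server-side checks of Claims 20 to 22; SHA-256, the length-prefixed encoding and all names (Server, build_common_nonce, encode_contribution, decode_token) are assumptions. The client signature and certificate checks of Claims 18 and 19 are left out.

```python
import hashlib
import hmac
import secrets

def encode_contribution(server_id, rand):
    # Length-prefixed fields (an assumption) keep the concatenation unambiguous.
    sid = server_id.encode()
    return len(sid).to_bytes(2, "big") + sid + len(rand).to_bytes(2, "big") + rand

def decode_token(token):
    pairs, i = [], 0
    while i < len(token):
        fields = []
        for _ in range(2):  # each contribution is (server id, random number)
            n = int.from_bytes(token[i:i + 2], "big")
            field = token[i + 2:i + 2 + n]
            if len(token) < i + 2 or len(field) != n:
                raise ValueError("truncated token")
            fields.append(field)
            i += 2 + n
        pairs.append((fields[0].decode(), fields[1]))
    return pairs

def build_common_nonce(contributions):
    # Middle tier: concatenate (Claim 5), then apply a one-way hash (Claim 6).
    token = b"".join(contributions)
    return token, hashlib.sha256(token).digest()

class Server:
    def __init__(self, server_id, ttl=60.0):
        self.server_id, self.ttl = server_id, ttl
        self.issued = {}  # random number -> expiration time (Claims 16, 22)

    def contribute(self, now):
        rand = secrets.token_bytes(16)
        self.issued[rand] = now + self.ttl
        return encode_contribution(self.server_id, rand)

    def accept(self, token, common_nonce, now):
        # Claim 20: the hashed token must equal the presented common nonce.
        if not hmac.compare_digest(hashlib.sha256(token).digest(), common_nonce):
            return False
        try:
            pairs = decode_token(token)
        except ValueError:
            return False
        # Claims 21-22: the token must carry an unexpired random number of ours.
        return any(sid == self.server_id and self.issued.get(r, 0.0) > now
                   for sid, r in pairs)
```

Each server checks only its own contribution, so a token assembled without that server's random number, or replayed after the expiration, is rejected by that server even when the hash matches.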
